mailing list archives
Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Thu, 13 Jun 2002 18:57:07 +0200
Just a quick heads-up:
MS02-027 cites blocking port 70 as an effective protection against
exploitation of the Gopher buffer overrun in IE / ISA server / MS proxy:
"Most notably, customers who block access to the Gopher protocol (TCP
port 70) at the perimeter firewall would be protected against attempts
to exploit this vulnerability across the Internet."
This is untrue. Gopher servers can run on any port, e.g.
"gopher://evilhacker.net:1234", or why not ":80", so don't trust
blocking port 70 at all. Use the other workarounds instead.
(In fact, in the case of *nix servers, it's even easier for an attacker
to run the fake gopher server on a high port; this way, he won't even
need root priviliges.)
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50 WWW: http://www.clavister.com
- Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 Mikael Olsson (Jun 14)